[FX.php List] [OFF] Filemaker Web Security?

Gjermund Gusland Thorsen ggt667 at gmail.com
Fri Sep 5 13:43:13 MDT 2008


And using Unicode for language for the password field as well as
Unicode for the username, if it's an email, also helps.

ggt

2008/9/5 Troy Meyers <tcmeyers at troymeyers.com>:
> Joel,
>
> Thanks for the acknowledgment. Yes, testing with the two characters "* is a shocker!
>
> -Troy
>
>
>> Whoa, thanks Troy!
>>
>> I know this list has bandied about on using double-equal '==' and
>> quotes, a la:
>>
>>   '=="'.$_POST['user_name'].'"'
>>
>> as safe for logins, but read Troy's last line (below).  Then try
>> entering a valid username and then "* (double-quote asterisk) as the
>> password on a site where you've used that structure!
>>
>> It seems using preg_replace() at LEAST to strip double-quotes is
>> really necessary after all!
>>
>> Thanks Troy,
>>
>> -Joel
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
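
An added example, not part of the original thread and not FX.php code: it builds the `=="..."` criterion quoted above only after the double-quote stripping Joel mentions, and rejects input that the stripping would have changed. The function names `exactMatchCriterion` and `recordMatches` are hypothetical, the sample inputs are constructed, and the second check assumes the login code can read the stored field value from the found record.

```php
<?php
// Added example: hypothetical helpers, not part of FX.php.

/** Build the '=="value"' exact-match criterion discussed in the thread. */
function exactMatchCriterion(string $input): ?string
{
    // Strip double quotes with preg_replace(), as suggested in the thread.
    $clean = preg_replace('/"/', '', $input);

    // Refuse rather than silently alter: if stripping changed the value,
    // the input contained a quote that would have closed the literal early.
    if ($clean === null || $clean === '' || $clean !== $input) {
        return null;
    }
    return '=="' . $clean . '"';
}

/**
 * Second check after the find: compare the value stored in the found
 * record with what the user submitted, byte for byte, so a find that
 * matched more loosely than intended still fails the login.
 */
function recordMatches(string $storedValue, string $submitted): bool
{
    return hash_equals($storedValue, $submitted);
}

// Constructed sample inputs, including the two-character test from the thread.
$samples = ['s3cret', '"*', 'pa"ss'];

foreach ($samples as $s) {
    $unsafe = '=="' . $s . '"';            // structure quoted in the thread
    $safe   = exactMatchCriterion($s);     // null when the input is rejected
    printf("%-8s unsafe: %-12s safe: %s\n", $s, $unsafe, $safe ?? '(rejected)');
}

// A record found by a loose match does not pass the exact comparison.
var_dump(recordMatches('s3cret', '"*'));     // bool(false)
var_dump(recordMatches('s3cret', 's3cret')); // bool(true)
```

Rejecting the request keeps a password that legitimately contains a double quote from being silently rewritten into a different one.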

